Commit ffac5791 authored by Jeffrey Lee

Add a compatibility page zero for high processor vectors / zero page relocation builds

Detail:
  When HiProcVecs is enabled, there will now be a read-only page located at &0 in order to ease compatibility with buggy software which reads from null pointers
  Although most of the page is zero-filled, the start of the page contains a few words which are invalid pointers (to discourage dereferencing them), followed by a warning message that is readable if the memory is interpreted as a string.
  On ARMv6+ the page is also made non-executable, to deal with branch-through-zero type situations
  OS_Memory 20 has been introduced as a way of determining whether the compatibility page is present, and also to enable/disable it
  File changes:
  - hdr/Options - Add CompatibilityPage option
  - hdr/OSMem - Declare OS_Memory reason code 20
  - hdr/KernelWS - When CompatibilityPage is enabled, make sure nothing else is located at &0
  - s/NewReset - Enable compatibility page just before Service_PostInit (try and keep zero-tolerance policy for null pointer dereferencing during ROM init)
  - s/MemInfo - OS_Memory 20 implementation. Add knowledge of the compatibility page to OS_Memory 16 and 24.
Admin:
  Tested on BB-xM


Version 5.87. Tagged as 'Kernel-5_87'
parent d0d14112
......@@ -11,13 +11,13 @@
GBLS Module_HelpVersion
GBLS Module_ComponentName
GBLS Module_ComponentPath
Module_MajorVersion SETS "5.86"
Module_Version SETA 586
Module_MajorVersion SETS "5.87"
Module_Version SETA 587
Module_MinorVersion SETS ""
Module_Date SETS "18 Jul 2017"
Module_ApplicationDate SETS "18-Jul-17"
Module_Date SETS "19 Aug 2017"
Module_ApplicationDate SETS "19-Aug-17"
Module_ComponentName SETS "Kernel"
Module_ComponentPath SETS "castle/RiscOS/Sources/Kernel"
Module_FullVersion SETS "5.86"
Module_HelpVersion SETS "5.86 (18 Jul 2017)"
Module_FullVersion SETS "5.87"
Module_HelpVersion SETS "5.87 (19 Aug 2017)"
END
/* (5.86)
/* (5.87)
*
* This file is automatically maintained by srccommit, do not edit manually.
* Last processed by srccommit version: 1.1.
*
*/
#define Module_MajorVersion_CMHG 5.86
#define Module_MajorVersion_CMHG 5.87
#define Module_MinorVersion_CMHG
#define Module_Date_CMHG 18 Jul 2017
#define Module_Date_CMHG 19 Aug 2017
#define Module_MajorVersion "5.86"
#define Module_Version 586
#define Module_MajorVersion "5.87"
#define Module_Version 587
#define Module_MinorVersion ""
#define Module_Date "18 Jul 2017"
#define Module_Date "19 Aug 2017"
#define Module_ApplicationDate "18-Jul-17"
#define Module_ApplicationDate "19-Aug-17"
#define Module_ComponentName "Kernel"
#define Module_ComponentPath "castle/RiscOS/Sources/Kernel"
#define Module_FullVersion "5.86"
#define Module_HelpVersion "5.86 (18 Jul 2017)"
#define Module_LibraryVersionInfo "5:86"
#define Module_FullVersion "5.87"
#define Module_HelpVersion "5.87 (19 Aug 2017)"
#define Module_LibraryVersionInfo "5:87"
......@@ -251,6 +251,10 @@ ProcVecs * &00000000
; Currently, zero page must be located at the processor vectors
ZeroPage * ProcVecs
[ CompatibilityPage
ASSERT ZeroPage != 0 :LAND: ProcVecs != 0
]
; Sort out 26/32 bit versions
SVCStackSize * 32*1024
IRQStackSize * 8*1024
......
......@@ -109,6 +109,7 @@ OSMemReason_ReleasePhysAddr * 15 ; Release the temp mapping
OSMemReason_MemoryAreaInfo * 16 ; Return size & location of various non-DA areas
OSMemReason_MemoryAccessPrivileges * 17 ; Decode AP numbers into permission flags
OSMemReason_FindAccessPrivilege * 18 ; Find best AP number from given permission flags
OSMemReason_Compatibility * 20 ; Get/set compatibility settings
OSMemReason_CheckMemoryAccess * 24 ; Return attributes/permissions for a logical address range
; OS_Memory 17/18 permission flags
......
......@@ -167,6 +167,9 @@ DebugCDA2 SETL {FALSE}
HiProcVecs SETL "$Machine"="Tungsten" :LOR: :LNOT: NoARMv6
]
GBLL CompatibilityPage ; Add a read-only page at &0 for compatibility with buggy zero page reading software
CompatibilityPage SETL HiProcVecs
GBLA FirstUnpluggableModule
FirstUnpluggableModule SETA 8 ; Podule, FileSwitch, ResourceFS, Messages, MessageTrans,
; TerritoryManager, UK. Moot now the keyboard and mouse aren't
......
......@@ -69,10 +69,10 @@ MemReturn
B MemoryAreaInfo ; 16
B MemoryAccessPrivileges ; 17
B FindAccessPrivilege ; 18
B %BT20 ; 19 |
B %BT20 ; 20 | Reserved for us
B %BT20 ; Reason code 19 reserved (for DMAPrep, on SMP branch)
B ChangeCompatibility ; 20
B %BT20 ; 21 |
B %BT20 ; 22 |
B %BT20 ; 22 | Reserved for us
B %BT20 ; 23 |
B CheckMemoryAccess ; 24
; 25+ reserved for ROL
......@@ -1029,6 +1029,7 @@ ReleasePhysAddr
; 13=Processor vectors
; 14=DebuggerSpace
; 15=Scratch space
; 16=Compatibility page
; 16-31 reserved (set to 0)
;
; Out: r1 = base of area
......@@ -1064,6 +1065,7 @@ MAI_TableStart
B MAI_ProcVecs
B MAI_DebuggerSpace
B MAI_ScratchSpace
B MAI_CompatibilityPage
MAI_TableEnd
70
......@@ -1176,6 +1178,17 @@ MAI_ScratchSpace
MOV r3, #16*1024
EXIT
MAI_CompatibilityPage
[ CompatibilityPage
MOV r1, #0
MOV r2, #4096
LDR r0, =L2PT
LDR r3, [r0]
CMP r3, #0
MOVNE r3, #4096
]
EXIT
;----------------------------------------------------------------------------------------
;
; In: r0 = flags
......@@ -1324,6 +1337,105 @@ FindAccessPrivilege ROUT
MakeErrorBlock AccessPrivilegeNotFound
;----------------------------------------------------------------------------------------
;
; In: r0 = flags
; bit meaning
; 0-7 20 (reason code)
; 8-31 reserved (set to 0)
; r1 = 0 to disable compatibility page
; 1 to enable compatibility page
; -1 to read state
;
; Out: r1 = new/current state:
; 0 if disabled
; 1 if enabled
; -1 if not supported
;
; Controls the page zero compatibility page located at &0
;
; If the compatibility page isn't supported, attempts to enable it will
; silently fail, with a result of r1 = -1
;
ChangeCompatibility ROUT
CMP r1, #-1
CMPNE r1, #1
CMPLS r0, #255
BHI MemoryBadParameters
[ :LNOT: CompatibilityPage
MOV r1, #-1
MOV pc, lr
|
Entry "r0-r11", DANode_NodeSize
; Peek L2PT to see if anything's mapped to &0
LDR r8, =L2PT
LDR r0, [r8]
CMP r0, #0
MOVNE r0, #1
FRAMSTR r0,,r1 ; return pre-change state in r1
CMP r1, #-1
CMPNE r0, r1
EXIT EQ
; Set up temp DANode on the stack so we can use a Batcall to manage the mapping
MOV r2, sp
MOV r0, #DynAreaFlags_NotCacheable
STR r0, [r2, #DANode_Flags]
MOV r0, #0
STR r0, [r2, #DANode_Base]
STR r0, [r2, #DANode_Handler]
CMP r1, #1
STREQ r0, [r2, #DANode_Size]
MOV r0, #4096
STRNE r0, [r2, #DANode_Size]
STR r0, [r2, #DANode_MaxSize]
MOV r0, #ChangeDyn_Batcall
MOV r1, #4096
RSBNE r1, r1, #0
SWI XOS_ChangeDynamicArea
FRAMSTR r0,VS
EXIT VS
; If we just enabled the page, fill it with the special value and then change it to read-only
FRAMLDR r1
RSBS r1, r1, #1 ; invert returned state, to be correct for the above action
FRAMSTR r1
EXIT EQ
MOV r0, #0
ADR r1, %FT20
10
CMP r0, #%FT30-%FT20
LDRLO r2, [r1, r0]
STR r2, [r0], #4
CMP r0, #4096
BNE %BT10
LDR r12, =ZeroPage
LDR r7, [r12, #MaxCamEntry]
MOV r4, #0
BL logical_to_physical
BL physical_to_ppn
; r9-r11 corrupt, r3 = page number, r5 = phys addr
MOV r0, #OSMemReason_FindAccessPrivilege
MOV r1, #2_100100
MOV r2, #2_100100
SWI XOS_Memory ; Get AP number for read-only access (will make area XN on ARMv6+)
ORRVC r11, r0, #DynAreaFlags_NotCacheable
MOVVC r2, r3
MOVVC r3, #0
BLVC BangCamUpdate
EXIT
20
; Pattern to place in compatibility page
DCD &FDFDFDFD ; A few of words of invalid addresses, which should also be invalid instructions on ARMv5 (ARMv6+ will have this page non-executable, ARMv4 and lower can't have high processor vectors)
DCD &FDFDFDFD
DCD &FDFDFDFD
DCD &FDFDFDFD
= "!!!!NULL.POINTER.DEREFERENCE!!!!", 0 ; Readable message if interpretered as a string. Also, all words are unaligned pointers.
ALIGN
DCD 0 ; Fill the rest with zero (typically, most of ZeroPage is zero)
30
]
;----------------------------------------------------------------------------------------
;
; In: r0 = flags
......@@ -1389,19 +1501,32 @@ CheckMemoryAccess ROUT
BHS %FT10
; Check zero page
ASSERT ProcVecs = ZeroPage
[ ZeroPage = 0
[ ZeroPage = 0
MOV r3, #0
MOV r4, #16*1024
LDR r5, =CMA_ZeroPage
BL CMA_AddRange
|
|
[ CompatibilityPage
; Zero page compatibility page
LDR r3, =L2PT
LDR r3, [r3]
CMP r3, #0
BEQ %FT05
MOV r3, #0
MOV r4, #4096
; This represents our ideal access flags; it may not correspond to reality
LDR r5, =CMA_Partially_UserR+CMA_Partially_PrivR
BL CMA_AddRange
05
]
; DebuggerSpace
ASSERT DebuggerSpace < ScratchSpace
LDR r3, =DebuggerSpace
LDR r4, =(DebuggerSpace_Size + &FFF) :AND: &FFFFF000
LDR r5, =CMA_DebuggerSpace
BL CMA_AddRange
]
]
; Scratch space
LDR r3, =ScratchSpace
MOV r4, #16*1024
......
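Review bot: In ChangeCompatibility, the enable path has no recovery when the `XOS_Memory` FindAccessPrivilege call returns with V set: every instruction after it is `VC`-conditional, so `BangCamUpdate` is skipped and the page stays mapped at &0 with the temporary node's `DynAreaFlags_NotCacheable`-only flags rather than the read-only (and, on ARMv6+, non-executable) state the inline comments describe. By then the frame's r1 has already been set to 1 and r0 is not stored, so the caller appears to be told "enabled" with an error flag but no error pointer. Consider adding `FRAMSTR r0,VS` after the SWI and unmapping the page again on that path, so a failure never leaves a page at &0 in its pre-lockdown state. The results of `logical_to_physical` and `physical_to_ppn` are also used unchecked; whether they can fail here is not visible from this hunk.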
......@@ -734,6 +734,12 @@ ResetPart1Done ; R0 is reset type
; Also, *FX 0
BL InitNewFX0Error
]
[ CompatibilityPage
; Enable low zero page compatibility page
MOV R0, #OSMemReason_Compatibility
MOV R1, #1
SWI XOS_Memory
]
[ DebugROMInit
SWI XOS_WriteS
= "Service_PostInit",0
......
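Review bot: The result of `SWI XOS_Memory` is discarded here: neither V nor the returned R1 is checked, so if enabling fails the boot carries on with nothing mapped at &0 and no indication of it. If that is deliberate best-effort behaviour, say so in the comment, e.g. `; Best effort: a failure here is ignored and the page is simply left disabled`, and consider reporting the failure under DebugROMInit. The sequence also overwrites R0 and R1; the surrounding code lies outside the hunk, so it cannot be confirmed from here that neither register is live at this point.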